mirror of https://github.com/mastodon/mastodon.git synced 2024-08-20 21:08:15 -07:00
Matt Jankowski 2024-07-31 14:07:13 +00:00 committed by GitHub
commit 33880a8d02
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
30 changed files with 146 additions and 135 deletions


@ -89,9 +89,10 @@ RSpec.describe ActivityPub::CollectionsController do
end end
it 'returns http success and correct media type and cache headers and empty items' do it 'returns http success and correct media type and cache headers and empty items' do
expect(response).to have_http_status(200) expect(response)
.to have_http_status(200)
.and have_http_header('Cache-Control', 'private')
expect(response.media_type).to eq 'application/activity+json' expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Cache-Control']).to include 'private'
expect(body_as_json[:orderedItems]) expect(body_as_json[:orderedItems])
.to be_an(Array) .to be_an(Array)
@ -105,9 +106,10 @@ RSpec.describe ActivityPub::CollectionsController do
end end
it 'returns http success and correct media type and cache headers and empty items' do it 'returns http success and correct media type and cache headers and empty items' do
expect(response).to have_http_status(200) expect(response)
.to have_http_status(200)
.and have_http_header('Cache-Control', 'private')
expect(response.media_type).to eq 'application/activity+json' expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Cache-Control']).to include 'private'
expect(body_as_json[:orderedItems]) expect(body_as_json[:orderedItems])
.to be_an(Array) .to be_an(Array)


@ -38,8 +38,9 @@ RSpec.describe ActivityPub::FollowersSynchronizationsController do
let(:remote_account) { Fabricate(:account, domain: 'example.com', uri: 'https://example.com/instance') } let(:remote_account) { Fabricate(:account, domain: 'example.com', uri: 'https://example.com/instance') }
it 'returns http success and cache control and activity json types and correct items' do it 'returns http success and cache control and activity json types and correct items' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to eq 'max-age=0, private' .to have_http_status(200)
.and have_http_header('Cache-Control', 'max-age=0, private')
expect(response.media_type).to eq 'application/activity+json' expect(response.media_type).to eq 'application/activity+json'
expect(body[:orderedItems]) expect(body[:orderedItems])
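Review bot: The Cache-Control check in this example used to be an exact comparison (`eq 'max-age=0, private'`) and is now a pattern match, because the `have_http_header` matcher added at the end of this commit calls `String#match?` on the header value. A response carrying extra directives around the expected ones would still pass, which matters for headers that decide whether a shared cache may store a signed or authenticated response. The same loosening applies to the `max-age=60, private` checks in the OutboxesController spec and to the `Vary` check in the webfinger spec, whose removed example was titled 'sets only a Vary Origin header'. Where the exact value is the point, pass an anchored pattern, e.g. `.and have_http_header('Cache-Control', /\Amax-age=0, private\z/)`. The example body continues past the end of this hunk.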


@ -62,7 +62,10 @@ RSpec.describe ActivityPub::OutboxesController do
it_behaves_like 'cacheable response' it_behaves_like 'cacheable response'
it 'returns http success and correct media type and vary header and items' do it 'returns http success and correct media type and vary header and items' do
expect(response).to have_http_status(200) expect(response)
.to have_http_status(200)
.and have_http_header('Vary', 'Signature')
expect(response.media_type).to eq 'application/activity+json' expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Vary']).to include 'Signature' expect(response.headers['Vary']).to include 'Signature'
@ -104,10 +107,11 @@ RSpec.describe ActivityPub::OutboxesController do
end end
it 'returns http success and correct media type and headers and items' do it 'returns http success and correct media type and headers and items' do
expect(response).to have_http_status(200) expect(response)
expect(response.media_type).to eq 'application/activity+json' .to have_http_status(200)
expect(response.headers['Cache-Control']).to eq 'max-age=60, private' .and have_http_header('Cache-Control', 'max-age=60, private')
expect(response.media_type).to eq 'application/activity+json'
expect(body_as_json[:orderedItems]).to be_an Array expect(body_as_json[:orderedItems]).to be_an Array
expect(body_as_json[:orderedItems].size).to eq 2 expect(body_as_json[:orderedItems].size).to eq 2
expect(body_as_json[:orderedItems].all? { |item| targets_public_collection?(item) }).to be true expect(body_as_json[:orderedItems].all? { |item| targets_public_collection?(item) }).to be true
@ -121,9 +125,10 @@ RSpec.describe ActivityPub::OutboxesController do
end end
it 'returns http success and correct media type and headers and items' do it 'returns http success and correct media type and headers and items' do
expect(response).to have_http_status(200) expect(response)
.to have_http_status(200)
.and have_http_header('Cache-Control', 'max-age=60, private')
expect(response.media_type).to eq 'application/activity+json' expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Cache-Control']).to eq 'max-age=60, private'
expect(body_as_json[:orderedItems]).to be_an Array expect(body_as_json[:orderedItems]).to be_an Array
expect(body_as_json[:orderedItems].size).to eq 3 expect(body_as_json[:orderedItems].size).to eq 3
@ -138,10 +143,10 @@ RSpec.describe ActivityPub::OutboxesController do
end end
it 'returns http success and correct media type and headers and items' do it 'returns http success and correct media type and headers and items' do
expect(response).to have_http_status(200) expect(response)
.to have_http_status(200)
.and have_http_header('Cache-Control', 'max-age=60, private')
expect(response.media_type).to eq 'application/activity+json' expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Cache-Control']).to eq 'max-age=60, private'
expect(body_as_json[:orderedItems]) expect(body_as_json[:orderedItems])
.to be_an(Array) .to be_an(Array)
.and be_empty .and be_empty
@ -155,10 +160,10 @@ RSpec.describe ActivityPub::OutboxesController do
end end
it 'returns http success and correct media type and headers and items' do it 'returns http success and correct media type and headers and items' do
expect(response).to have_http_status(200) expect(response)
.to have_http_status(200)
.and have_http_header('Cache-Control', 'max-age=60, private')
expect(response.media_type).to eq 'application/activity+json' expect(response.media_type).to eq 'application/activity+json'
expect(response.headers['Cache-Control']).to eq 'max-age=60, private'
expect(body_as_json[:orderedItems]) expect(body_as_json[:orderedItems])
.to be_an(Array) .to be_an(Array)
.and be_empty .and be_empty
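Review bot: In the first hunk of this file the new chain adds `.and have_http_header('Vary', 'Signature')`, but the older `expect(response.headers['Vary']).to include 'Signature'` two lines below it appears to remain as context, so the Vary header is asserted twice in the same example. Drop the leftover line so the spec has one form for header checks, as the other hunks in this file do. The example continues outside the hunk, so confirm nothing further down relies on the old line.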


@ -23,7 +23,7 @@ describe Admin::BaseController do
sign_in(Fabricate(:user, role: UserRole.find_by(name: 'Moderator'))) sign_in(Fabricate(:user, role: UserRole.find_by(name: 'Moderator')))
get :success get :success
expect(response.headers['Cache-Control']).to include('private, no-store') expect(response).to have_http_header('Cache-Control', 'private, no-store')
end end
it 'renders admin layout as a moderator' do it 'renders admin layout as a moderator' do


@ -16,7 +16,7 @@ describe Api::BaseController do
it 'returns private cache control headers by default' do it 'returns private cache control headers by default' do
routes.draw { get 'success' => 'api/base#success' } routes.draw { get 'success' => 'api/base#success' }
get :success get :success
expect(response.headers['Cache-Control']).to include('private, no-store') expect(response).to have_http_header('Cache-Control', 'private, no-store')
end end
describe 'forgery protection' do describe 'forgery protection' do


@ -14,9 +14,10 @@ RSpec.describe Api::OEmbedController do
get :show, params: { url: short_account_status_url(alice, status) }, format: :json get :show, params: { url: short_account_status_url(alice, status) }, format: :json
end end
it 'returns private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end
end end


@ -35,12 +35,10 @@ RSpec.describe Auth::RegistrationsController do
get :edit get :edit
end end
it 'returns http success' do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
end .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
it 'returns private cache control header' do
expect(response.headers['Cache-Control']).to include('private, no-store')
end end
end end
@ -51,16 +49,13 @@ RSpec.describe Auth::RegistrationsController do
before do before do
request.env['devise.mapping'] = Devise.mappings[:user] request.env['devise.mapping'] = Devise.mappings[:user]
sign_in(user, scope: :user) sign_in(user, scope: :user)
put :update
end end
it 'returns http success' do it 'returns http success and private cache control' do
put :update expect(response)
expect(response).to have_http_status(200) .to have_http_status(200)
end .and have_http_header('Cache-Control', 'private, no-store')
it 'returns private cache control headers' do
put :update
expect(response.headers['Cache-Control']).to include('private, no-store')
end end
it 'can update the user email' do it 'can update the user email' do
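Review bot: Moving `put :update` into the `before` block in the second hunk makes the request run ahead of every example in this context, not only the merged status and cache-control one. 'can update the user email' and any later examples have their bodies outside this hunk; if they issue their own `put :update` with params, each would now perform two requests and the second would run against state already touched by the first. Keeping the call inside the example avoids that: `put :update` as the first line of 'returns http success and private cache control'.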


@ -23,12 +23,10 @@ describe Filters::StatusesController do
get :index, params: { filter_id: filter } get :index, params: { filter_id: filter }
end end
it 'returns http success' do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
end .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
it 'returns private cache control headers' do
expect(response.headers['Cache-Control']).to include('private, no-store')
end end
end end


@ -22,12 +22,10 @@ describe FiltersController do
get :index get :index
end end
it 'returns http success' do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
end .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
it 'returns private cache control headers' do
expect(response.headers['Cache-Control']).to include('private, no-store')
end end
end end
end end


@ -22,12 +22,10 @@ describe InvitesController do
get :index get :index
end end
it 'returns http success' do it 'returns http success and private cache control' do
expect(response).to have_http_status(:success) expect(response)
end .to have_http_status(:success)
.and have_http_header('Cache-Control', 'private, no-store')
it 'returns private cache control headers' do
expect(response.headers['Cache-Control']).to include('private, no-store')
end end
end end


@ -24,14 +24,12 @@ RSpec.describe Oauth::AuthorizationsController do
sign_in user, scope: :user sign_in user, scope: :user
end end
it 'returns http success' do it 'returns http success and private cache control and authorize body' do
subject subject
expect(response).to have_http_status(200)
end
it 'returns private cache control headers' do expect(response)
subject .to have_http_status(200)
expect(response.headers['Cache-Control']).to include('private, no-store') .and have_http_header('Cache-Control', 'private, no-store')
end end
include_examples 'stores location for user' include_examples 'stores location for user'
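Review bot: The new example title 'returns http success and private cache control and authorize body' promises a body check, but the visible example asserts only the status and the Cache-Control header before its `end`. Either add the body expectation or shorten the title to `it 'returns http success and private cache control' do`, matching the wording used in the other specs touched by this commit.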


@ -22,14 +22,12 @@ describe Oauth::AuthorizedApplicationsController do
sign_in Fabricate(:user), scope: :user sign_in Fabricate(:user), scope: :user
end end
it 'returns http success' do it 'returns http success and private cache control' do
subject subject
expect(response).to have_http_status(200)
end
it 'returns private cache control headers' do expect(response)
subject .to have_http_status(200)
expect(response.headers['Cache-Control']).to include('private, no-store') .and have_http_header('Cache-Control', 'private, no-store')
end end
include_examples 'stores location for user' include_examples 'stores location for user'


@ -14,12 +14,10 @@ describe RelationshipsController do
get :show, params: { page: 2, relationship: 'followed_by' } get :show, params: { page: 2, relationship: 'followed_by' }
end end
it 'returns http success' do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
end .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
it 'returns private cache control headers' do
expect(response.headers['Cache-Control']).to include('private, no-store')
end end
end end


@ -17,9 +17,10 @@ describe Settings::AliasesController do
get :index get :index
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -18,9 +18,10 @@ describe Settings::ApplicationsController do
get :index get :index
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -14,17 +14,19 @@ describe Settings::DeletesController do
get :show get :show
end end
it 'renders confirmation page with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
context 'when suspended' do context 'when suspended' do
let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) } let(:user) { Fabricate(:user, account_attributes: { suspended_at: Time.now.utc }) }
it 'returns http forbidden with private cache control headers', :aggregate_failures do it 'returns http forbidden and private cache control' do
expect(response).to have_http_status(403) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(403)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end
end end


@ -14,9 +14,10 @@ describe Settings::ExportsController do
get :show get :show
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -19,11 +19,13 @@ RSpec.describe Settings::ImportsController do
get :index get :index
end end
it 'assigns the expected imports', :aggregate_failures do it 'assigns expected imports and returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(assigns(:recent_imports)).to eq [import] .to have_http_status(200)
expect(assigns(:recent_imports)).to_not include(other_import) .and have_http_header('Cache-Control', 'private, no-store')
expect(response.headers['Cache-Control']).to include('private, no-store') expect(assigns(:recent_imports))
.to eq([import])
.and not_include(other_import)
end end
end end


@ -18,8 +18,9 @@ describe Settings::LoginActivitiesController do
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success with private cache control headers', :aggregate_failures do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
expect(response.body) expect(response.body)
.to include(login_activity.user_agent) .to include(login_activity.user_agent)
.and include(login_activity.authentication_method) .and include(login_activity.authentication_method)


@ -16,9 +16,10 @@ describe Settings::Migration::RedirectsController do
get :new get :new
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -16,9 +16,10 @@ describe Settings::Preferences::AppearanceController do
get :show get :show
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -16,9 +16,10 @@ describe Settings::Preferences::NotificationsController do
get :show get :show
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -16,9 +16,10 @@ describe Settings::Preferences::OtherController do
get :show get :show
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -17,9 +17,10 @@ RSpec.describe Settings::ProfilesController do
get :show get :show
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -29,9 +29,10 @@ describe Settings::TwoFactorAuthenticationMethodsController do
get :index get :index
end end
it 'returns http success with private cache control headers', :aggregate_failures do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
expect(response.headers['Cache-Control']).to include('private, no-store') .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
end end
end end


@ -16,12 +16,10 @@ RSpec.describe StatusesCleanupController do
get :show get :show
end end
it 'returns http success' do it 'returns http success and private cache control' do
expect(response).to have_http_status(200) expect(response)
end .to have_http_status(200)
.and have_http_header('Cache-Control', 'private, no-store')
it 'returns private cache control headers' do
expect(response.headers['Cache-Control']).to include('private, no-store')
end end
end end


@ -159,12 +159,11 @@ describe 'Accounts show response' do
it 'returns a private JSON version of the account', :aggregate_failures do it 'returns a private JSON version of the account', :aggregate_failures do
expect(response) expect(response)
.to have_http_status(200) .to have_http_status(200)
.and have_http_header('Cache-Control', 'private')
.and have_attributes( .and have_attributes(
media_type: eq('application/activity+json') media_type: eq('application/activity+json')
) )
expect(response.headers['Cache-Control']).to include 'private'
expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary) expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
end end
end end
@ -194,13 +193,12 @@ describe 'Accounts show response' do
it 'returns a private signature JSON version of the account', :aggregate_failures do it 'returns a private signature JSON version of the account', :aggregate_failures do
expect(response) expect(response)
.to have_http_status(200) .to have_http_status(200)
.and have_http_header('Cache-Control', 'private')
.and have_http_header('Vary', 'Signature')
.and have_attributes( .and have_attributes(
media_type: eq('application/activity+json') media_type: eq('application/activity+json')
) )
expect(response.headers['Cache-Control']).to include 'private'
expect(response.headers['Vary']).to include 'Signature'
expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary) expect(body_as_json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :name, :summary)
end end
end end


@ -18,9 +18,9 @@ describe 'The /.well-known/webfinger endpoint' do
shared_examples 'a successful response' do shared_examples 'a successful response' do
it 'returns http success with correct media type and headers and body json' do it 'returns http success with correct media type and headers and body json' do
expect(response).to have_http_status(200) expect(response)
.to have_http_status(200)
expect(response.headers['Vary']).to eq('Origin') .and have_http_header('Vary', 'Origin')
expect(response.media_type).to eq 'application/jrd+json' expect(response.media_type).to eq 'application/jrd+json'
@ -116,12 +116,10 @@ describe 'The /.well-known/webfinger endpoint' do
perform_request! perform_request!
end end
it 'returns http success' do it 'returns http success and vary origin header' do
expect(response).to have_http_status(200) expect(response)
end .to have_http_status(200)
.and have_http_header('Vary', 'Origin')
it 'sets only a Vary Origin header' do
expect(response.headers['Vary']).to eq('Origin')
end end
it 'returns application/jrd+json' do it 'returns application/jrd+json' do


@ -7,8 +7,8 @@ shared_examples 'cacheable response' do |expects_vary: false|
expect(session).to be_empty expect(session).to be_empty
expect(response.headers['Vary']).to include(expects_vary) if expects_vary expect(response).to have_http_header('Vary', expects_vary) if expects_vary
expect(response.headers['Cache-Control']).to include('public') expect(response).to have_http_header('Cache-Control', 'public')
end end
end end


@ -0,0 +1,11 @@
# frozen_string_literal: true
RSpec::Matchers.define :have_http_header do |header, values|
match do |response|
response.headers[header].match?(values)
end
failure_message do |response|
"Expected that `#{header}` would have values of `#{values}` but was `#{response.headers[header]}`"
end
end
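Review bot: `response.headers[header].match?(values)` raises NoMethodError when the header is absent, so a missing Cache-Control header on an authenticated page surfaces as an error instead of going through the `failure_message` defined just below. `String#match?` also compiles a String argument into a Regexp, so every caller's value is an unanchored pattern, and characters such as `.` or `*` in a value handed in from a shared example (the `expects_vary` argument) would be read as regex syntax. Inside `match`, consider `actual = response.headers[header].to_s` followed by `values.is_a?(Regexp) ? actual.match?(values) : actual.include?(values)`. A comment above the matcher should say that String values are substring checks and that callers needing an exact header value pass an anchored Regexp.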